commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luís Filipe Nassif <lfcnas...@gmail.com>
Subject Re: [COMPRESS] zip-bomb prevention for Z?
Date Thu, 13 Apr 2017 20:43:31 GMT
I have reported a similar issue to them, see Compress-382, maybe those
issues should be handled at Compress side, if I understood correctly the
API contract.

Luis


Em 13 de abr de 2017 3:36 PM, "Allison, Timothy B." <tallison@mitre.org>
escreveu:

On TIKA-1631 [1], users have observed that a corrupt Z file can cause an
OOM at Internal_.InternalLZWStream.initializeTable.  Should we try to
protect against this at the Tika level, or should we open an issue on
commons-compress's JIRA?

A second question, we're creating a stream with the CompressorStreamFactory
when all we want to do is detect.  Is there a recommended way to detect the
type of compressor without creating a stream?

Thank you!

            Best,

                     Tim

[1] https://issues.apache.org/jira/browse/TIKA-1631

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message